5,198 Linux, Windows OS Flaws in 2005

The United States Computer Emergency Readiness Team released its year-end summary of computer vulnerabilities. While Windows is regarded as the most insecure operating system, the US-CERT found four times as many vulnerabilities specifically related to Unix and Linux. Of 5,198 reported flaws, 812 were for Windows, 2,328 were for Unix and Linux, and 2,058 more affected more than one operating system.

The good thing is, while there may be more flaws in Linux/Unix ... the fact that it isn't anywhere near as popular as Windows helps it remain 'safe'. I don't believe there are as many currently active exploitable holes as there are in Windows. I feel completely safe using it, I'm far more adventurous in Linux than Windows, in regards to risky hex ... I employ no security measures other than file permissions, a basic firewall (other than the gateway router) and Clam AV ... and still no harm done.

It is funny though how popularity dictates perception .... I'd have thought it the other way around ... Overall good going by M$. Other than the latest current exploit, which has been known to them for quite some time, yet remained unpatched until the day before yesterday. It says a lot about Microsoft's new dedication to security. Well done.

This is very dumb, actually. "Unix/Linux" is not a single operating system. Any given OpenBSD or NetBSD distribution has had only an infinitesimal part of the reported "Unix/Linux" vulnerabilities. Not to mention that to define a thing "a vulnerability" says almost nothing at all anyway. A local denial of service is certainly not like a remote root access vulnerability.

Also, many Linux distributions come with a truckload of installed programs; Windows comes with almost no installed programs at all. Are they including those utilities too?

"The study is confusing and misleading. When you look at the list, the vulnerabilities are miscategorized," Mark Cox, a consulting software engineer at Red Hat, said. "For example, Firefox is categorized as a Unix/Linux operating-system flaw, but it runs just as well on a Windows platform. Apache and PHP also run just as well on both platforms. There are methodological flaws in the statistics."

Yep. Actually, these statistics are not even "flawed", they are just dumb. I work both on a Windows machine and a UNIX machine and I certainly didn't have to fix 2,328 vulnerabilities for the latter (nor did anybody in the world for his own). On the contrary, I had almost nothing to patch at all.